From 1612c8dfe992fba0af1e8c283da36f7dfb2164f7 Mon Sep 17 00:00:00 2001
From: Ciro Scognamiglio <ciro.scognamiglio@cslash.net>
Date: Mon, 23 Dec 2013 15:31:17 +0100
Subject: [PATCH] added access restrictions to ntp.conf

---
 PlanetLabConf/ntp.conf.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/PlanetLabConf/ntp.conf.php b/PlanetLabConf/ntp.conf.php
index 4945fb0..247ffe1 100755
--- a/PlanetLabConf/ntp.conf.php
+++ b/PlanetLabConf/ntp.conf.php
@@ -49,6 +49,13 @@ if (!empty($sites)) {
 print( "# node $hostname site $site_name $mylat $mylong $model\n");
 print( "driftfile /var/lib/ntp/ntp.drift\n" );
 print( "statsdir /var/log/ntpstats/\n" );
+print( "# Permit time synchronization with our time source, but do not\n");
+print( "# permit the source to query or modify the service on this system.\n");
+print( "restrict default kod nomodify notrap nopeer noquery\n");
+print( "restrict -6 default kod nomodify notrap nopeer noquery");
+print( "restrict 127.0.0.1");
+print( "restrict -6 ::1");
+
 if (is_numeric(array_search($model, $problem_models))) {
   print( "tinker stepout 0\n" );
 }
-- 
2.43.0